Analysis

  • max time kernel
    47s
  • max time network
    52s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    09/11/2024, 20:57

General

  • Target

    Supersonic-0.13.1-windows-x64-installer.exe

  • Size

    38.8MB

  • MD5

    813fb4a40e613894cab3d5c70451b787

  • SHA1

    5988c36911f47f4bf8d6874b325bd97c95c61139

  • SHA256

    79861be4663ce34d36c2ccbc518401b55e63a2045cec94b1bf55369994514d3b

  • SHA512

    0f5b8d88cf2aaf08e9dccb9af576f13b4ea75283c8bcb8d6cb37aa9a03f7560819b65899fc2901313b3671c3cb77561e2ff5155d2aa22daf1ccc090604f8981a

  • SSDEEP

    786432:GhExg/yGQddE7Q7sPgAdzj/+N99+a3CHDuwoWaHsEXpO:BVLE7Q7+/YnWqHB8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store 2 TTPs 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Supersonic-0.13.1-windows-x64-installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Supersonic-0.13.1-windows-x64-installer.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4292
    • C:\Users\Admin\AppData\Local\Temp\is-Q2916.tmp\Supersonic-0.13.1-windows-x64-installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-Q2916.tmp\Supersonic-0.13.1-windows-x64-installer.tmp" /SL5="$5028E,39694871,845824,C:\Users\Admin\AppData\Local\Temp\Supersonic-0.13.1-windows-x64-installer.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3112
      • C:\Users\Admin\AppData\Local\Programs\Supersonic\Supersonic.exe
        "C:\Users\Admin\AppData\Local\Programs\Supersonic\Supersonic.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2864
  • C:\Users\Admin\AppData\Local\Programs\Supersonic\Supersonic.exe
    "C:\Users\Admin\AppData\Local\Programs\Supersonic\Supersonic.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:760

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-Q2916.tmp\Supersonic-0.13.1-windows-x64-installer.tmp

          Filesize

          3.2MB

          MD5

          222624ede97df66c419e6881431b60f6

          SHA1

          068f19ec4b8ecaf34b66f4ec56b0738059e488d0

          SHA256

          e2bf967f4888ef3d688fac3eefba3496045eef11608746e4ce3a31fca39ab4ac

          SHA512

          9c48b9d044f146374c891586f61fe4f4733d27fb071a264fbebf4228ac2facaaf69053962756b6a994437cbab2be6c55cc246cc53ed9edc2ba282302b0d08183

        • C:\Users\Admin\AppData\Local\Temp\systray_temp_icon_0390da7cfeee2ceec21eb76008ad11bd

          Filesize

          12KB

          MD5

          0390da7cfeee2ceec21eb76008ad11bd

          SHA1

          9c909ebbb168569fc06957bac023baf079cd467e

          SHA256

          d8580cd1a0501f74ac9c7a15aa66120403cf6a42b466961869d8b1f23aaa5b86

          SHA512

          d3743f0599c871d0d6cd9902fe779f815d4a9b5cc741ac3dce083f0947a81af2d42705b50043d6792ebc045f64dee9dc420d9372a7cd3d856375244c52a9e6ca

        • C:\Users\Admin\AppData\Local\font_index_v3.cache

          Filesize

          34KB

          MD5

          c1e6e180b8753f7971d879342da6f0f4

          SHA1

          1a4dd322815c3714a156527b744b34cab77a6dcd

          SHA256

          5e562852305395081985f4a466818c32d57b875e0bf460a9ac99d78d5cdc9486

          SHA512

          1283175780cae9ac87f7fd84bb8f49d5d5d23e65a3376fab310db59f8b55e13687d6a3b6a8987d397142aa4727b064b46393b63b216b50b337b5165df48cb308

        • memory/760-48-0x00007FFE7D8E0000-0x00007FFE831B8000-memory.dmp

          Filesize

          88.8MB

        • memory/760-47-0x00007FF7585D0000-0x00007FF75BBB9000-memory.dmp

          Filesize

          53.9MB

        • memory/2864-40-0x00007FF7585D0000-0x00007FF75BBB9000-memory.dmp

          Filesize

          53.9MB

        • memory/2864-41-0x00007FFE7D0E0000-0x00007FFE829B8000-memory.dmp

          Filesize

          88.8MB

        • memory/3112-35-0x0000000000E60000-0x00000000011A3000-memory.dmp

          Filesize

          3.3MB

        • memory/3112-12-0x0000000000E60000-0x00000000011A3000-memory.dmp

          Filesize

          3.3MB

        • memory/3112-9-0x0000000000E60000-0x00000000011A3000-memory.dmp

          Filesize

          3.3MB

        • memory/3112-10-0x0000000000A00000-0x0000000000A01000-memory.dmp

          Filesize

          4KB

        • memory/3112-6-0x0000000000A00000-0x0000000000A01000-memory.dmp

          Filesize

          4KB

        • memory/4292-0-0x0000000000DC0000-0x0000000000E9C000-memory.dmp

          Filesize

          880KB

        • memory/4292-36-0x0000000000DC0000-0x0000000000E9C000-memory.dmp

          Filesize

          880KB

        • memory/4292-8-0x0000000000DC0000-0x0000000000E9C000-memory.dmp

          Filesize

          880KB

        • memory/4292-2-0x0000000000DC1000-0x0000000000E69000-memory.dmp

          Filesize

          672KB